TROY -- As the number of persons whose medical records were improperly accessed by employees at the county jail increases, questions remain as to how an investigation by the Sheriff's Department failed to interview a key jail employee until a year after the breach was discovered.

According to hospital spokesman Elmer Streeter, the only person with approved access to medical records at the jail was the nursing supervisor, Elaine Young.

Recently, Young, 59, resigned from the jail, but her attorney, Kevin Luibrand, said she was only questioned in connection with the medical record breach late last year, more than a year after the investigation was opened.

Advertisement

"She cooperated fully," Luibrand said of Young, who has since resigned her position at the jail.

Luibrand said his client never searched anyone's records other than inmates at the jail.

"Elaine Young didn't engage in anything improper," said Luibrand. "She made her password available to other staff members, she had it taped it to her drawer so that the other nurses could access medical records for legitimate reasons."

Despite Luibrand's assertions, a source with knowledge of the jail's layout told The Record Young had a private office to which only she and another nurse, Crystal Waters, had keys. Information gained from persons with knowledge of the investigation state that the breaches occurred during shifts when either Young or Waters were on duty.

According to Streeter, in December 2011, the Sheriff's Department had informed Samaritan it was conducting an inquiry with possible criminal implications.

That probe placed several restrictions on the hospital, including preventing officials from informing patients of the violation of their confidentiality.

Samaritan also was prevented from notifying the Department of Health and Human Services Office of Civil Rights, the agency responsible for enforcement of the HIPPA Act protecting patient's rights, something required by law.

Asked what triggered the recent re-investigation that revealed even more people whose records were breached, Streeter again pointed to the Sheriff's Department.

"We thought with the turnover in the investigative staff at the Sheriff's office, and out of an abundance of caution, it would be best to go back and look at the list of names again," he said.

The initial probe, based on a complaint from a former employee at the jail, revealed 23 hospital patients had their records accessed improperly. The more recent search dating back through 2006 resulted in the discovery of an additional 25 people whose records were improperly accessed.

"The additional letters of notification went out last Friday," Streeter said, declining to identify those persons except to say they were not inmates at the jail.

"The only proper access to records at Samaritan would have been for inmate medical records," Streeter said. "These breaches were not inmates."

The hospital immediately reported the most recent discovery to HHS-OCR, though Samaritan has heard nothing from the federal agency yet.

"We have not been contacted by them at this time," Streeter said. "But it would not be unusual for them to look into this further at some point."

The chief of the Melrose Volunteer Fire Department's 11-year-old daughter's records were also breached, after she was bitten by a dog belonging to a corrections officer

Streeter maintains that no one at the hospital did anything improper.

"No one has been disciplined at Samaritan," Streeter said. "This is a question of improper access at the jail, and there was only one password that was assigned to one individual at the jail."

The hospital has heard from some those whose records were breached.

"We've had seven of the 23 contact us," Streeter said.

Of the second batch of notifications, Samaritan has so far heard from four.

Attempts to reach the Sheriff's Department for comment were unsuccessful.